Search code examples
javajnawindows-api-code-pack

Java JNA using kernal32 VirtualQueryEx returns zero (no success error code)

I am trying to use VirtualQueryEx from kernal32.dll windows API functions.

All pointers/addresses i get before call to this function are correct.

The call to VirtualQueryEx returns 0 , which means no success.

Also GetLastError() returns error code 5 which means access denied ):

What am I doing wrong please ?

  • Windows 8, Administrator privilege.

JNA Mapping:

public class Test
{
    static Kernel32   kernel32 = (Kernel32) Native.loadLibrary("kernel32", Kernel32.class);
    static User32     user32 = (User32)   Native.loadLibrary("user32"  , User32.class);

    public static  void main(String[] args)
    {
        int pid = getProcessId("someWindowName"); // get our process ID

        Pointer readprocess = kernel32.OpenProcess(0x0010, false,pid); // open the process ID with read priviledges.

        MEMORY_BASIC_INFORMATION l = new MEMORY_BASIC_INFORMATION();

        SYSTEM_INFO info =  new SYSTEM_INFO();

        kernel32.GetSystemInfo(info);          

        System.out.println(kernel32.VirtualQueryEx(readprocess, info.lpMinimumApplicationAddress, l, l.size()));
        System.out.println(kernel32.GetLastError());

    }

    public static int getProcessId(String window)
    {
        IntByReference pid = new IntByReference(0);
        user32.GetWindowThreadProcessId(user32.FindWindowA(null,window), pid);

        return pid.getValue();
    }

    public static Pointer openProcess(int permissions, int pid)
    {
        Pointer process = kernel32.OpenProcess(permissions,true, pid);
        return process;
    }

    public static Memory readMemory(Pointer process, int address, int bytesToRead)
    {
        IntByReference read = new IntByReference(0);
        Memory output = new Memory(bytesToRead);

        kernel32.ReadProcessMemory(process, address, output, bytesToRead, read);
        return output;
    }
}

inside kernal32 

    int VirtualQueryEx(Pointer readprocess, Pointer lpMinimumApplicationAddress,MEMORY_BASIC_INFORMATION lpBuffer, int dwLength);

memory_basic struct :

public  class MEMORY_BASIC_INFORMATION extends Structure {


    public Pointer baseAddress;

    public Pointer allocationBase;

    public NativeLong allocationProtect;

    public SIZE_T regionSize;

    public NativeLong state;

    public NativeLong protect;

    public NativeLong type;

}

Thanks !

Solution

  • From MSDN, you must obtain the process handle with PROCESS_QUERY_INFORMATION which has a value of 0x0400. You are opening the process with 0x0010, thus the "access denied" error.

    The handle must have been opened with the PROCESS_QUERY_INFORMATION access right, which enables using the handle to read information from the process object.